Mercurial > jdk8-mips64-public > jaxws / file comparison

comparison: src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java

src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java

changeset 408
b0610cd08440
parent 397
b99d7e355d4b
child 637
9c07ef4934dd
child 721
06807f9a6835
equal deleted inserted replaced
405:cc682329886b 408:b0610cd08440
41 41
42 import org.xml.sax.SAXException; 42 import org.xml.sax.SAXException;
43 import org.xml.sax.SAXNotRecognizedException; 43 import org.xml.sax.SAXNotRecognizedException;
44 import org.xml.sax.SAXNotSupportedException; 44 import org.xml.sax.SAXNotSupportedException;
45 45
46 import static com.sun.xml.internal.bind.Util.getSystemProperty;
47
46 /** 48 /**
47 * Provides helper methods for creating properly configured XML parser 49 * Provides helper methods for creating properly configured XML parser
48 * factory instances with namespace support turned on and configured for 50 * factory instances with namespace support turned on and configured for
49 * security. 51 * security.
50 * @author snajper 52 * @author snajper
51 */ 53 */
52 public class XmlFactory { 54 public class XmlFactory {
53 55
54 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used 56 // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used
55 public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; 57 public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
58 public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
56 59
57 private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName()); 60 private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName());
58 61
59 /** 62 /**
60 * If true XML security features when parsing XML documents will be disabled. 63 * If true XML security features when parsing XML documents will be disabled.
63 * Boolean 66 * Boolean
64 * @since 2.2.6 67 * @since 2.2.6
65 */ 68 */
66 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; 69 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity";
67 70
68 public static final boolean DISABLE_SECURE_PROCESSING = 71 public static final boolean XML_SECURITY_DISABLED = Boolean.parseBoolean(getSystemProperty(DISABLE_XML_SECURITY));
69 Boolean.parseBoolean(Util.getSystemProperty(DISABLE_XML_SECURITY)); 72
70 73 private static boolean isXMLSecurityDisabled(boolean runtimeSetting) {
71 private static boolean xmlFeatureValue(boolean runtimeSetting) { 74 return XML_SECURITY_DISABLED || runtimeSetting;
72 return !(DISABLE_SECURE_PROCESSING || runtimeSetting);
73 } 75 }
74 76
75 /** 77 /**
76 * Returns properly configured (e.g. security features) schema factory 78 * Returns properly configured (e.g. security features) schema factory
77 * - namespaceAware == true 79 * - namespaceAware == true
81 try { 83 try {
82 SchemaFactory factory = SchemaFactory.newInstance(language); 84 SchemaFactory factory = SchemaFactory.newInstance(language);
83 if (LOGGER.isLoggable(Level.FINE)) { 85 if (LOGGER.isLoggable(Level.FINE)) {
84 LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory); 86 LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory);
85 } 87 }
86 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 88 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
87 return factory; 89 return factory;
88 } catch (SAXNotRecognizedException ex) { 90 } catch (SAXNotRecognizedException ex) {
89 LOGGER.log(Level.SEVERE, null, ex); 91 LOGGER.log(Level.SEVERE, null, ex);
90 throw new IllegalStateException(ex); 92 throw new IllegalStateException(ex);
91 } catch (SAXNotSupportedException ex) { 93 } catch (SAXNotSupportedException ex) {
107 SAXParserFactory factory = SAXParserFactory.newInstance(); 109 SAXParserFactory factory = SAXParserFactory.newInstance();
108 if (LOGGER.isLoggable(Level.FINE)) { 110 if (LOGGER.isLoggable(Level.FINE)) {
109 LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory); 111 LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory);
110 } 112 }
111 factory.setNamespaceAware(true); 113 factory.setNamespaceAware(true);
112 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 114 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
113 return factory; 115 return factory;
114 } catch (ParserConfigurationException ex) { 116 } catch (ParserConfigurationException ex) {
115 LOGGER.log(Level.SEVERE, null, ex); 117 LOGGER.log(Level.SEVERE, null, ex);
116 throw new IllegalStateException( ex); 118 throw new IllegalStateException( ex);
117 } catch (SAXNotRecognizedException ex) { 119 } catch (SAXNotRecognizedException ex) {
134 try { 136 try {
135 XPathFactory factory = XPathFactory.newInstance(); 137 XPathFactory factory = XPathFactory.newInstance();
136 if (LOGGER.isLoggable(Level.FINE)) { 138 if (LOGGER.isLoggable(Level.FINE)) {
137 LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory); 139 LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory);
138 } 140 }
139 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 141 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
140 return factory; 142 return factory;
141 } catch (XPathFactoryConfigurationException ex) { 143 } catch (XPathFactoryConfigurationException ex) {
142 LOGGER.log(Level.SEVERE, null, ex); 144 LOGGER.log(Level.SEVERE, null, ex);
143 throw new IllegalStateException( ex); 145 throw new IllegalStateException( ex);
144 } catch (AbstractMethodError er) { 146 } catch (AbstractMethodError er) {
155 try { 157 try {
156 TransformerFactory factory = TransformerFactory.newInstance(); 158 TransformerFactory factory = TransformerFactory.newInstance();
157 if (LOGGER.isLoggable(Level.FINE)) { 159 if (LOGGER.isLoggable(Level.FINE)) {
158 LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory); 160 LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory);
159 } 161 }
160 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 162 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
161 return factory; 163 return factory;
162 } catch (TransformerConfigurationException ex) { 164 } catch (TransformerConfigurationException ex) {
163 LOGGER.log(Level.SEVERE, null, ex); 165 LOGGER.log(Level.SEVERE, null, ex);
164 throw new IllegalStateException( ex); 166 throw new IllegalStateException( ex);
165 } catch (AbstractMethodError er) { 167 } catch (AbstractMethodError er) {
178 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); 180 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
179 if (LOGGER.isLoggable(Level.FINE)) { 181 if (LOGGER.isLoggable(Level.FINE)) {
180 LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory); 182 LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory);
181 } 183 }
182 factory.setNamespaceAware(true); 184 factory.setNamespaceAware(true);
183 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, xmlFeatureValue(disableSecureProcessing)); 185 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing));
184 return factory; 186 return factory;
185 } catch (ParserConfigurationException ex) { 187 } catch (ParserConfigurationException ex) {
186 LOGGER.log(Level.SEVERE, null, ex); 188 LOGGER.log(Level.SEVERE, null, ex);
187 throw new IllegalStateException( ex); 189 throw new IllegalStateException( ex);
188 } catch (AbstractMethodError er) { 190 } catch (AbstractMethodError er) {
189 LOGGER.log(Level.SEVERE, null, er); 191 LOGGER.log(Level.SEVERE, null, er);
190 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); 192 throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
191 } 193 }
192 } 194 }
193 195
194 public static SchemaFactory allowFileAccess(SchemaFactory sf, boolean disableSecureProcessing) { 196 public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
195 197
196 // if feature secure processing enabled, nothing to do, file is allowed, 198 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
197 // or user is able to control access by standard JAXP mechanisms 199 if (isXMLSecurityDisabled(disableSecureProcessing)) {
198 if (disableSecureProcessing) { 200 if (LOGGER.isLoggable(Level.FINE)) {
199 return sf; 201 LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
200 } 202 }
201 203 return sf;
202 try { 204 }
203 sf.setProperty(ACCESS_EXTERNAL_SCHEMA, "file"); 205
204 LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA)); 206 if (System.getProperty("javax.xml.accessExternalSchema") != null) {
207 if (LOGGER.isLoggable(Level.FINE)) {
208 LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
209 }
210 return sf;
211 }
212
213 try {
214 sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
215 if (LOGGER.isLoggable(Level.FINE)) {
216 LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA));
217 }
205 } catch (SAXException ignored) { 218 } catch (SAXException ignored) {
206 // nothing to do; support depends on version JDK or SAX implementation 219 // nothing to do; support depends on version JDK or SAX implementation
207 LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored); 220 if (LOGGER.isLoggable(Level.CONFIG)) {
221 LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored);
222 }
208 } 223 }
209 return sf; 224 return sf;
210 } 225 }
211 226
227 public static SchemaFactory allowExternalDTDAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {
228
229 // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied
230 if (isXMLSecurityDisabled(disableSecureProcessing)) {
231 if (LOGGER.isLoggable(Level.FINE)) {
232 LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
233 }
234 return sf;
235 }
236
237 if (System.getProperty("javax.xml.accessExternalDTD") != null) {
238 if (LOGGER.isLoggable(Level.FINE)) {
239 LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
240 }
241 return sf;
242 }
243
244 try {
245 sf.setProperty(ACCESS_EXTERNAL_DTD, value);
246 if (LOGGER.isLoggable(Level.FINE)) {
247 LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD));
248 }
249 } catch (SAXException ignored) {
250 // nothing to do; support depends on version JDK or SAX implementation
251 if (LOGGER.isLoggable(Level.CONFIG)) {
252 LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD), ignored);
253 }
254 }
255 return sf;
256 }
257
212 } 258 }

Mercurial Repository: jdk8-mips64-public/jaxws

mercurial